My journey through eJPT
Hello guys, what’s up 😃. I hope all of you are having a good time. I managed to complete my eJPT exam on 18th July 2021. I want to thank INE instructor Lukasz Mikula for providing the training and the awesome community for providing helpful resources & advice that helped me during this journey. In this post, I would like to share my thoughts, tips, and my personal experiences about the exam.
> What is eJPT?
OK, so for anyone who hasn’t heard of eJPT, it stands for eLearnSecurity Junior Penetration Tester. It is a beginner-level, hands-on practical certification on penetration testing and information security essentials. You can find more details about the certification at eLearnSecurity’s official website.
> What about the training
Well, the training is provided by an IT training company called INE. INE is the parent company of eLearnSecurity. eLearnSecurity is purely a certification body, while INE provides all the training-related stuff for eLearnSecurity certifications. The eJPT training course is known as Penetration Testing Student (PTS).
INE has multiple pricing plans, and among them there’s this “starter pass” plan. The interesting thing is, with INE’s starter pass you can access all of the eJPT training material including presentations, videos & lab exercises (with unlimited lab time) for FREE 🤩.
As for me, I participated in countless CTF events over the past year, so I managed to complete the training quite fast because I was comfortable with using the tools 😎. [TIP] But I want to explicitly mention that Google is your best friend. If you’ve got a doubt or a question, Google it. I can guarantee you will find the answers you’re looking for thanks to the awesome communities and people out there on the internet 💯.
[TIP] Take notes in your training phase. This is really important. You can use digital note-taking apps like Cherrytree (my favorite), OneNote, or Notion, or you can even use a book to take down notes; it’s all up to your taste. If you guys have any other note-taking personal favorites, leave them down in the comments. I would greatly appreciate it.
[TIP] Whenever you have some free time go through your notes for around 5-10 min. This will help you to remember the stuff that you’ve learned.
[TIP] If you’re using a note-taking app like Cherrytree, do note that notes are stored on your device (offline). It is advised to always keep a backup of your notes in the cloud (GitLab, GitHub, etc). This makes your notes accessible anywhere from any device + if something happens to your notes stored locally, you’ll have the backup in the cloud. Losing all your notes is the worst nightmare 😬.
[TIP] Try to build your own methodology to test a system. If you don’t have one, try taking someone else’s methodology template and customizing it to suit your needs over time. For example, this is the template I started with. Created by [email protected]:
> The Exam
Alright, so now you’ve got the training. Now to the exam. The exam voucher will cost you $200. The exam voucher is valid for 180 days + you’ll get a free retake attempt. You have a maximum of 3 days (72 hours) to submit your answers. All the stuff that comes in the exam is covered in the training. So go through the training material carefully, especially the labs, and you are good to sit for the exam.
There are 20 questions that you’ve got to answer. You need to answer at least 15 questions correctly in order to pass the exam. You’ll find the answers to these questions by enumerating and exploiting the machines/devices in the exam lab environment. [TIP] I strongly believe that enumeration is 90% of a successful pentest. The more you enumerate, the more you get to know about the system and its inner workings, which increases the chances of exploitation.
I’d like to talk about my exam experience 😅. So I started my exam on July 18th, 2021, which falls on a Sunday. So I had to go to the morning mass ⛪ with my parents. This helped me to relax my mind. I managed to start the exam at 10 am. You will receive the letter of engagement, which consists of all the key points that you’ve got to go through. This document mentions what you’ve got to do in the exam (pentest). So read it carefully before you begin doing all the cool stuff you’ve learned in the training phase.
I finished the exam at 8.15 pm. I pressed the “Submit” button. Closed my eyes. Waited for around 10 seconds. Opened my eyes 👀. I was surprised to see that I had answered 18/20 questions correctly, meaning that I had scored 90/100 🎉.
> Additional Resources
Here are some resources that I found useful:
- Pivoting: Check out the Reddit thread
- Cheatsheets: eJPT-Cheatsheet by tejasanerao, ejpt-useful-commands by kentosec
- TryHackMe: Byte-sized gamified lessons. Useful to learn more about tool usage + technologies. Practice and build up your methodology.
- HackTheBox: Practice and build up your methodology.
If you guys have any other helpful resources, please comment them down; you’re doing a great favor for the community to grow. Thank you. I hope the information I provided was helpful. If you guys have any questions or feedback, please post them in the comment section. I’d love to hear from you. You can find me on Twitter @ShalindaFdo. THANK YOU 🙌.